Windows
Analysis Report
0060599005-A05-049-4.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 2164 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\0060599005-A05-049-4.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6968 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1648,i,11272463363651122756,7076105234141228624,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits by type (the source and value columns are missing from this copy of the report):
- TCP traffic: 33 hits
- HTTP traffic detected: 1 hit
- TCP traffic detected without corresponding DNS query: 11 hits
- HTTP traffic detected: 1 hit
- Network traffic detected: 2 hits
- Classification label: 1 hit
- File created: 2 hits
- Key opened: 1 hit
- Process created: 14 hits
- Window detected: 1 hit
- Initial sample: 5 hits
- Process information set: 8 hits
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown | |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.61.208.184 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431068 |
Start date and time: | 2024-04-24 14:34:28 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 0060599005-A05-049-4.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/41@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.190.190.195, 20.190.190.193, 20.190.190.130, 20.190.190.129, 40.126.62.130, 20.190.190.194, 20.190.190.196, 20.190.190.131, 104.85.240.187, 107.22.247.231, 34.193.227.236, 18.207.85.246, 54.144.73.197, 172.64.41.3, 162.159.61.3, 184.28.81.158, 184.28.81.142
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, ocsp.edge.digicert.com, geo2.adobe.com, www.tm.lg.prod.aadmsa.trafficmanager.net
- VT rate limit hit for: 0060599005-A05-049-4.pdf
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | PureLog Stealer, Vidar | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | Babuk, Djvu, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.200990920340979 |
Encrypted: | false |
SSDEEP: | 6:vEFJX4q2P92nKuAl9OmbnIFUt8YP3JZmw+YP3DkwO92nKuAl9OmbjLJ:k54v4HAahFUt8UJ/+UD5LHAaSJ |
MD5: | AA3EA330FC5AF8C7D0F364728BEE5168 |
SHA1: | 7D0D57ACF3FDE3A7E1DF8BBA095957038814BE64 |
SHA-256: | 14A3EBE4AA110C506F8C9ECA7A9CAA8F2C75F5BAD6D44F9DEB83DE60FF2EE7CA |
SHA-512: | 1BBAF2711DEF939633229E58ECEDF3FFA0CA419F99DD251083D560A914E03FFCEF070FE26F55E08A6B4F802F329666C25A2ECB1E2FC0D2D877119314D649A3F5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.200990920340979 |
Encrypted: | false |
SSDEEP: | 6:vEFJX4q2P92nKuAl9OmbnIFUt8YP3JZmw+YP3DkwO92nKuAl9OmbjLJ:k54v4HAahFUt8UJ/+UD5LHAaSJ |
MD5: | AA3EA330FC5AF8C7D0F364728BEE5168 |
SHA1: | 7D0D57ACF3FDE3A7E1DF8BBA095957038814BE64 |
SHA-256: | 14A3EBE4AA110C506F8C9ECA7A9CAA8F2C75F5BAD6D44F9DEB83DE60FF2EE7CA |
SHA-512: | 1BBAF2711DEF939633229E58ECEDF3FFA0CA419F99DD251083D560A914E03FFCEF070FE26F55E08A6B4F802F329666C25A2ECB1E2FC0D2D877119314D649A3F5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.174639927719111 |
Encrypted: | false |
SSDEEP: | 6:vVQL+q2P92nKuAl9Ombzo2jMGIFUt8YWFfApGKWZmw+YOQLVkwO92nKuAl9Ombzz:m+v4HAa8uFUt8DFfAoKW/+4V5LHAa8RJ |
MD5: | 082F50A56DBA3DE2CB8391E77E05A323 |
SHA1: | 7D41FE5421068B5C0E110AFD74A815DCD994B6CD |
SHA-256: | 9B658E4D5E19FDE052C6CB4A401C35266EBB03E76BF61CBD295756A6AB15F25B |
SHA-512: | A0840E1B511C2851387E919CE807155214DFD278AB77E028A042F44CAFC7AE7F1B5E65643B34746ADFB218AEFD3F80C0DC769CEC3939999B1333C48ED7C5642A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.174639927719111 |
Encrypted: | false |
SSDEEP: | 6:vVQL+q2P92nKuAl9Ombzo2jMGIFUt8YWFfApGKWZmw+YOQLVkwO92nKuAl9Ombzz:m+v4HAa8uFUt8DFfAoKW/+4V5LHAa8RJ |
MD5: | 082F50A56DBA3DE2CB8391E77E05A323 |
SHA1: | 7D41FE5421068B5C0E110AFD74A815DCD994B6CD |
SHA-256: | 9B658E4D5E19FDE052C6CB4A401C35266EBB03E76BF61CBD295756A6AB15F25B |
SHA-512: | A0840E1B511C2851387E919CE807155214DFD278AB77E028A042F44CAFC7AE7F1B5E65643B34746ADFB218AEFD3F80C0DC769CEC3939999B1333C48ED7C5642A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1edb9bfe-1e18-4d1e-9803-456aa919981d.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.056897427179479 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZfyhsBdOg2HZcaq3QYiubxnP7E4T3OF+:Y2sRdsayydMHg3QYhbxP7nbI+ |
MD5: | E16374CE3014B1B735853E043E1DDB79 |
SHA1: | 5CB57D7D539D911142E7D30BB88BEBBF0E27A2AD |
SHA-256: | DF85C6ECDC1C07F822C163662A12C03CB92D82B8642916ABE10D1D318B9B60F0 |
SHA-512: | 26D8CBC5BDDDF5A0114CB74146AA5F5B004BAE9D3C9694B142ADF02465AB8FAE7DF1AFE9310F658D5D01152B3CDB1BF8709E6D32152CBD270B33CF9C6B3AB5B8 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.056897427179479 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZfyhsBdOg2HZcaq3QYiubxnP7E4T3OF+:Y2sRdsayydMHg3QYhbxP7nbI+ |
MD5: | E16374CE3014B1B735853E043E1DDB79 |
SHA1: | 5CB57D7D539D911142E7D30BB88BEBBF0E27A2AD |
SHA-256: | DF85C6ECDC1C07F822C163662A12C03CB92D82B8642916ABE10D1D318B9B60F0 |
SHA-512: | 26D8CBC5BDDDF5A0114CB74146AA5F5B004BAE9D3C9694B142ADF02465AB8FAE7DF1AFE9310F658D5D01152B3CDB1BF8709E6D32152CBD270B33CF9C6B3AB5B8 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.2312357876470985 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUKP6Lk6SPFmoZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLB |
MD5: | AACF7813C8888E6A3988BDA58B3965DC |
SHA1: | EB974D6F702DE58C12DC84251A8FECFC750C1246 |
SHA-256: | 69C848927058B643DEB1F471CA5D9D923FEE53CC32B92940EC43C79F86E0A9B9 |
SHA-512: | 381751A5F353311D409D87258969AAB6B97AED1B06A90B59A01113B0FE68B2D94A5C3434BCE6313A328C6A62EAE13E01DCA0A1F28678D3E1D76E890FCB279C07 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.175885701727754 |
Encrypted: | false |
SSDEEP: | 6:vRpQL+q2P92nKuAl9OmbzNMxIFUt8Y2jSGKWZmw+YMQLVkwO92nKuAl9OmbzNMFd:U+v4HAa8jFUt8zKW/+2V5LHAa84J |
MD5: | A72B99532793264FD9DBB8C404F7BB9C |
SHA1: | AD123C922D100164550CFC78D3F2BB6240A8B77F |
SHA-256: | 4495C04FE8548BB710FB8E1B59303E9CF759CC8F46C070D3E33042C790B62071 |
SHA-512: | DC5084BA28BB47A07FCBAF6170D7A02F7C04107703A420FD4627ED3D26C30D623BB0C79D09054C496BB7350BC0F8BF48E648768A2858CAB6E4320BDD1303A256 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.175885701727754 |
Encrypted: | false |
SSDEEP: | 6:vRpQL+q2P92nKuAl9OmbzNMxIFUt8Y2jSGKWZmw+YMQLVkwO92nKuAl9OmbzNMFd:U+v4HAa8jFUt8zKW/+2V5LHAa84J |
MD5: | A72B99532793264FD9DBB8C404F7BB9C |
SHA1: | AD123C922D100164550CFC78D3F2BB6240A8B77F |
SHA-256: | 4495C04FE8548BB710FB8E1B59303E9CF759CC8F46C070D3E33042C790B62071 |
SHA-512: | DC5084BA28BB47A07FCBAF6170D7A02F7C04107703A420FD4627ED3D26C30D623BB0C79D09054C496BB7350BC0F8BF48E648768A2858CAB6E4320BDD1303A256 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424123542Z-168.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.9891367147772758 |
Encrypted: | false |
SSDEEP: | 192:sT366tGcq+6ZCplhre7t7men01NqzsZDNeFCnfbLoRwB90EBrnZMu2BmNMJPPn:g66AbCpnKt7mWcqRFCnPdihPn |
MD5: | 6CBCFABEBB3428B286C59178A1D4D1A7 |
SHA1: | 5245E5471AE0704DD34D0162692581B2BB2A325E |
SHA-256: | 81352850A2A0F2905BCAE1610EBFC55F45436E1BAC47E9BA07B8B945EF6599F0 |
SHA-512: | 5948782345C05DE609EB18989ADF6A3410C7F8FAD5938A62E3BE359EDA74A74BBAF6EAA6285E3874AE22896E10F462652C3904BC1EAA6E25088E2D9522025531 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.338104734356147 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJM3g98kUwPeUkwRe9:YvXKXTvEYpW7ZnGMbLUkee9 |
MD5: | DB0158A8C5B08598260AA0A5E428CA48 |
SHA1: | 3A87D65F00C875C8BC56619E2DE2DABC4F58AD4F |
SHA-256: | 4071485800116194C44982CA44FBAD3E95D50897001D6438512B001205BC7C14 |
SHA-512: | 923C24F38314DDBCD561037BD57E749DDD61F6C099AC2BDA22DBA4F77E12ACB367B684AA19DA416E8B069BE9310A51AE877F91D3C73E784094B90E1B69095FEA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.275714683684541 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfBoTfXpnrPeUkwRe9:YvXKXTvEYpW7ZnGWTfXcUkee9 |
MD5: | DF0AFEBB848665D1F96B39C5FEDAC680 |
SHA1: | 24023A0AF4AF8A308FA759B5C55DAB3152A1F43E |
SHA-256: | B05B850551A159F5E915AD45AEEBCFAA0B6A78911F12C1EECA2F8AA5C1CFF871 |
SHA-512: | 464DF25C0F3C5EBAF629F22F780585F9B448613CF0FB3BBBF7FE727DC964BC4812B262033016DA426DEB16C2AF4FE743A7A82C4A95AFE2C4DDFFEB15DDB1C423 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2535647772616105 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfBD2G6UpnrPeUkwRe9:YvXKXTvEYpW7ZnGR22cUkee9 |
MD5: | C7AFE728D8B64BCA237CFC61043A3965 |
SHA1: | DC7AC199E95FCF28E786278D6147184830F28263 |
SHA-256: | 323CBACC8BB7EC9309DD9E58FBB0A3628BA5D47221A4784B7A8836B6BEB6D26D |
SHA-512: | 0172085AAA192D660E6CEA6E57CE0AD58AA3C04DDB87DEEB86944B127BFC770ECAB374251C86A1FAA924B1C8BC816835260ED4954E3E52904A96E5A825CEC6F1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.316111343520221 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfPmwrPeUkwRe9:YvXKXTvEYpW7ZnGH56Ukee9 |
MD5: | C64D94DF473DFA062CA32542BFD27952 |
SHA1: | ED5F129679E5ADD5EE978A84F8D4AF0BBE9F3915 |
SHA-256: | 58AA9B0519395DFA1162407272CBD3190E386B973D18B8D4D3A3308108202FBD |
SHA-512: | 7539F387CA57531728B70FBA483699FD75D378D3DA658C3F3D792B1F7477CD131CBE77F11FF9EFF217111425F29CCEE2AC4EFB7A07D5D375B4C7DA3C7923D8D0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.277221463188724 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfJWCtMdPeUkwRe9:YvXKXTvEYpW7ZnGBS8Ukee9 |
MD5: | 4F504DF3CBF552B7516CBD9AC1144C5F |
SHA1: | 29091BFEAA47CFDA61640C5BC0344FE403C3C0B2 |
SHA-256: | F0A07EB2E22CBCDBB48602F9B83C60683290F5D3A470A5D250A341FEF92C8BCF |
SHA-512: | C71F5FFD588A69F6550C24E4AFE742EA929A6AC6E2DB64B3092879FA4E3DF5ED4AEBCC515F0DBFFD25CD0AB2C704447C04EFC5C04C2DBA37F096F71A51556AD0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.262343037528722 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJf8dPeUkwRe9:YvXKXTvEYpW7ZnGU8Ukee9 |
MD5: | D0DFBA76318B48A908A3D4D738262BA6 |
SHA1: | 2A237708E86DDFD8EB2ED4ED8DECCBBB66CBB966 |
SHA-256: | 7CC11D4720C461C6E9F8649E69CE32B1BD3365C276744589E337CE889C7387E2 |
SHA-512: | 7BD7643D76F9257BD361E43AD58EFA15E50322C05770831674DD157FFA262C33A3CE4EA8F01A599C11C7C28AB56A654653FF8FA3C53CE9FB7617732451254A52 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.2633554987101 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfQ1rPeUkwRe9:YvXKXTvEYpW7ZnGY16Ukee9 |
MD5: | 8F18B623C6ADF2F01631BAE2DD1BAB8E |
SHA1: | 2ACA4F0646D52814851326DD80F3346C0B53BA65 |
SHA-256: | E1D8F9A5275720B8C6D0093D7CE59763DDA72A351D8059EBC322CDD2BE2BBB90 |
SHA-512: | E5497C5233A042A414E4E60B031ABFFDC54FA5F2C8DA9A2D6EA96C71375CFCD4A73E2B264D1954AE7F2C3E0C5F5FF243382AB4A552F5632914670D46AEAD64F0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.2833145442858225 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfFldPeUkwRe9:YvXKXTvEYpW7ZnGz8Ukee9 |
MD5: | 2D1016B7B454BBA2D705DB3D84CE5B5B |
SHA1: | 29AF71869B4112800E118593DC35DCC430456870 |
SHA-256: | 47680C72E9AEA5ECE20359918D45DEB3279B927DA6D8FAB4B30C93703D03B699 |
SHA-512: | BB2F2D55658A816D4C0EAA832BD563D58B937D56AB353BB85B60F0614F0D542BB6F3313C13CDC21CBE4DE0C30C1B2B8E54A0A993F954CF19475602B815BDAA20 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.739070908085887 |
Encrypted: | false |
SSDEEP: | 24:Yv6XhiZ/KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNel:Yv3Z/EgigrNt0wSJn+ns8cvFJYl |
MD5: | 5A0E7530F0F72510F31EFEFF34C3F89F |
SHA1: | 2B07D086DAAF2132D7B350D5968A28F8D3029811 |
SHA-256: | 93005E94F8FC94AB5790977375C3F98BD48C23537BE7281F6801B00F100CB90C |
SHA-512: | 7EEEA73D0F35159DBEE2BF02840D941F235D08E0B3735E0080B6B4C920515D731E35BEACB43ECDD72E09D1EC748E36D9AE29AEE5046729B06904479B57B816ED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.271063476470055 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfYdPeUkwRe9:YvXKXTvEYpW7ZnGg8Ukee9 |
MD5: | EFD15453E5A15CD45DCF8E5BB45E280D |
SHA1: | 18FD9D1C7C046263B822EBE512E46AB56DE87970 |
SHA-256: | 5E643D8BC42BEC78B9C59A734F836F60E5D9AFF123AD93C62380191655D8FE76 |
SHA-512: | 86C8303A0377946B1D4B0897F1554F5615EF1C0E4724A9E8BA66002B4E19B8C196B82EF8ACC9959E748FA219E4B386FD77BC8B19158B8F47B33B4826FB2B2585 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.773391328190729 |
Encrypted: | false |
SSDEEP: | 24:Yv6XhiZCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGl:Yv3ZCHgDv3W2aYQfgB5OUupHrQ9FJUl |
MD5: | 030DF69699722E1AE76F4C7E3BD302F5 |
SHA1: | 4EFE0BBABCE33DA2F484E3975E6FAC9AD385D6A5 |
SHA-256: | CB605EB06B0D27AC1036A8DD7A247DD3C3AF464E3E4ADBA4229164516B520A0A |
SHA-512: | EBB2C76AC1DB2EC4FC7289F320B298C1B4AC73AAE7FB1DC416CA10CA48B0CC30EE9F654A815E113A70E45CA156770F38BE04531B77CFA27C5C0DF491D760BDD3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.254809450594297 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfbPtdPeUkwRe9:YvXKXTvEYpW7ZnGDV8Ukee9 |
MD5: | 62D6799CC10BB1356B3DA7E5767C4C64 |
SHA1: | A32709A5100BFFBEBD4E9DA8249B7C88B56B56B9 |
SHA-256: | 564027F76A6CD8210A63FFB2F2B7AE615542BF2D5C67D001071DCDB8371D907B |
SHA-512: | 93D67A06D0EEF946CA150709E45B75EA8BC9E24AF0D11E8CF0519FCC1332005A6EDBF4A20D7C73F4C4D081A3A9F207ADC93B44D7A3A1D0379ABF1B0B19EE5B17 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.255432395089316 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJf21rPeUkwRe9:YvXKXTvEYpW7ZnG+16Ukee9 |
MD5: | 9A5B04D42EB1D9757788279F6CA06B0B |
SHA1: | 4AB1F855080AF1E083C3661CB2FBFE2CC3C2A4CB |
SHA-256: | 91FEB2875974CD0B0A5A5E0F7BB7CE39B0991FB4F3BD0DD1079A60F53D3C5FE2 |
SHA-512: | 14ACC1AE345728C95D7DF9C4AFC821B2DF59A506F3EE3B9C5D1356F5084DB1CDB1880BB25703BEC4C2B751052401A2A90423776000952A138637B075463A987F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.277604787153981 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfbpatdPeUkwRe9:YvXKXTvEYpW7ZnGVat8Ukee9 |
MD5: | A8AA4146C415316EF715D66ACC2752E6 |
SHA1: | 9BF677B5E37D6F9DEE688229245D12943E2E497B |
SHA-256: | 5DFCD05B5C2E826DAF4CB7AEB1FC3AD606EF01F5D3253B8037EAC8F8BB31C620 |
SHA-512: | 7C3D90F92F379073BA4EAD3CE1FBF0C5A43F59FD04B3E57D2766937C4646BFE7BFA26B8C6DD0C97E41A0427F89F6FB9095F2D78FD1167AAECCFB877C940F01D9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.230298582474772 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXXaIEGhz7+FIbRI6XVW7+0YC7UoAvJfshHHrPeUkwRe9:YvXKXTvEYpW7ZnGUUUkee9 |
MD5: | EBC396E1BF3C640127E5F8F47860EDBB |
SHA1: | A98B3B2CCDF597ADAD7A697BD826AF8C30E39943 |
SHA-256: | B134C9ADC65FE73C977AF3A8095B760B99932025EF5C90815BEC71F97F942205 |
SHA-512: | 25C049510261B8F743FEF5E47C9659D62507C4DA8C97F1F7D2F88AA8579209055799070D29405B246E5DBC957BB171E3457032740C2147DE72723FE1AFD00DEC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.363864917820942 |
Encrypted: | false |
SSDEEP: | 12:YvXKXTvEYpW7ZnGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKln:Yv6XhiZn168CgEXX5kcIfANhBl |
MD5: | EA71325D145F7144A90C7CDD40C968C3 |
SHA1: | D5B4B9B74749CC9C8057FF43E3D8A5D4DF2840BA |
SHA-256: | C4BD12C6C93A41EF894FD1A21C2E45C8F51C2F61EB9EF2F3B8282078835C6F8F |
SHA-512: | 1E87D037373319B965D7E568E7B0EB82721F99E058F68265185D9F60E2B7DD6318AA9531D48DE21C831672E015B6DE345130EE9F66DECAB031B80D9C530163A9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.140171209182384 |
Encrypted: | false |
SSDEEP: | 48:YFAV4ckJlcObhAgThoSNH0FRz66FKKscxf5W8w9t9OP9h:qAVSHvbhAgThoSJ0Dz66Fd5xRWT9TOPf |
MD5: | 7C4CFF60EC1E1EEFF9788C53667BA475 |
SHA1: | E4C2ED53EAA98DF80D48BEC3C71595FE1D493045 |
SHA-256: | E04740789AFD2D3361D3D30793A0561097660A9E6FB285726850BD8422011BA7 |
SHA-512: | 6202E0421DA4706E16DCF2F00F4A9E18E8A328754B204326429394BF14E48732294526939EEC7EBD9AE298943B6EF143BFCE6AAB9386A120C469E213657F33E0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9840390128136142 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spkex4zJwtNBwtNbRZ6bRZ4LexF:TVl2GL7ms6ggOVpmzutYtp6P1 |
MD5: | 8C02EBFD0DE3CA829B718C290EDE7320 |
SHA1: | 22E875FBB34272C074FFA62633FA836467F522F8 |
SHA-256: | 88E07EB3BD4D9DB0BCDD5C88009B5DC9CE7A4EDE08482C05752E5898652D19E0 |
SHA-512: | 1AF7A6B3ACD181A7E2A8CCB38EC98201B65B235766A059E21B8CEA08692FE6F7CC5C15F221346B6EC20DC92A4716C8A61BD8F8375F9B2E24B3E8F14072829A29 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3384196341266148 |
Encrypted: | false |
SSDEEP: | 24:7+tmAD1RZKHs/Ds/SpkexPzJwtNBwtNbRZ6bRZWf1RZKwpqLBx/XYKQvGJF7ursp:7MmGgOVp9zutYtp6PMzpqll2GL7msp |
MD5: | AC44BACA2B2EE40526A8D45FDC59B990 |
SHA1: | 54F0E119CB50BE29680B382130E7256B57CC5468 |
SHA-256: | D14EE58D3C17DC8149E0B748582E6B0F84A170B74A3287CA3B1D2046410A1488 |
SHA-512: | E716126069989583B3B612D0635788D0CAF80D3A3E8FA2D769E07E8A3E0A081C84D9E3141DE4742B5ED8D288C601C7370D25237B137AC5E81862D9FF5B76CE9E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5162684137903053 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aRdQKw:Qw946cPbiOxDlbYnuRKHYH |
MD5: | EAE751F34A20385C146099F7D5FA39BD |
SHA1: | DA7CB6AB0F1803D9511F7A485807B4803E8428EF |
SHA-256: | 30A17E3C08EE38806351C158B56601980B518E5E868A8270BF349D41AF6760A9 |
SHA-512: | 147C9BCF5AF3A0723EF10868535DE5675D120A6A9F5C6FA1363C98B0E0AFD5B36C01E897C8D9411C9509AB3A137E7DE53E04D9454FBB880A72CF89342AF97998 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 14-35-40-395.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.383400639423554 |
Encrypted: | false |
SSDEEP: | 384:eNJpUQlE5iCRvRy+F+B5zExBGl+hxlOGVCUGykoFuYRPO0nVkQvV4VkR+kY3oEIQ:IlL |
MD5: | 4DB512BFB4182D2734CDDDE307D20834 |
SHA1: | 21D10AEE34E4B22FA9AD8DB72DDFB0C7CD201C7F |
SHA-256: | 8E1DE19E229BEFA8ADD833BB5CE922712293ECA7930D8D2D89D967A79D61D2BA |
SHA-512: | 76ABB33862DCE7E48D8236A1133DA9784C851943F112AE6F45F602989881AEC3607686104D37E93E24683C1C18DACCEB52FCDF7D3BA6028E5D5E79AD8F3853DD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.385159859872756 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbM:I |
MD5: | 43F7C0AD6BB8F00306F7770DBEC372DE |
SHA1: | 5E16C5916A565291AE173E689B6851066D328C7B |
SHA-256: | 0C2D27D7136C9DA3F2538FB9BB7206F5D51437751B696C47837400E15A396E42 |
SHA-512: | 23B60CE875FB4F1150C85261A087AF0A7C9D3FC8D669620BB7693497D419CF7F18AF360C7181C4933A7F107B2988256C5508D1C9084A7B3228ECCAFEA2A1B059 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9911498289339615 |
TrID: |
File name: | 0060599005-A05-049-4.pdf |
File size: | 378'868 bytes |
MD5: | 398a2ac72d023fee742020f4c5bd9afc |
SHA1: | 65e4dfd26cc6bd07967558ee01691661faaad4c3 |
SHA256: | e73b7f86bf046705c827bfb3e87f7787245aa04a365d08c51a2f8ae185918068 |
SHA512: | 328884f7d431a0019d6b24e7ed3138e8fe64f1de9c97e801d493676aab64515dfc465b1ebf6db0629f9cc4dde76611b425d3e72cbb8703a10390b58b0114808e |
SSDEEP: | 6144:DMFaDmw7wBrtnmR/3RRRRRRhxsvR27BR7z1cOq0+yVzQowjCbrgzDX/wl88P3pmZ:DMFaaYs5n0pxsvREDhcv0+ytQo5rQnKc |
TLSH: | 478423159A3EC0EEB616D726A8782E71B1C391813C4136BF356C8C4D1711DA8ED8DFEA |
File Content Preview: | %PDF-1.7.%.....2 0 obj<</AcroForm 4 0 R/Metadata 5 0 R/PageLabels 6 0 R/Pages 7 0 R/StructTreeRoot 8 0 R/Type/Catalog>>.endobj.5 0 obj<</Length 3254/Subtype/XML/Type/Metadata>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns: |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.991150 |
Total Bytes: | 378868 |
Stream Entropy: | 7.993229 |
Stream Bytes: | 373509 |
Entropy outside Streams: | 5.151837 |
Bytes outside Streams: | 5359 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 54 |
endobj | 54 |
stream | 53 |
endstream | 53 |
xref | 0 |
trailer | 0 |
startxref | 1 |
/Page | 0 |
/Encrypt | 0 |
/ObjStm | 2 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 1 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
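The "General" table and the keyword counts above are the output of a static triage pass: header check, entropy inside versus outside streams, a count of `%%EOF` markers and trailing bytes, and per-keyword counts for names such as `/JS`, `/OpenAction` and `/Launch`. The Python script below is an added example that reproduces that pass; it is not Joe Sandbox's tooling, and the PDF it runs on is constructed inline (one page, an `/OpenAction` that triggers JavaScript, and one hex-escaped name `/J#53`). It goes one step beyond the table by resolving `#xx` escapes in names first, so an obfuscated `/J#53` is still counted as `/JS`.

```python
"""Static PDF triage of the kind summarised in the report's 'General' and
keyword tables: header, entropy inside vs. outside streams, %%EOF check and
per-keyword counts. Added example; not Joe Sandbox's own tooling."""
import math
import re
from collections import Counter

# Constructed sample (not a file from the report): one page, an /OpenAction
# that runs JavaScript, and a hex-escaped name (/J#53 is /JS) to exercise the
# de-obfuscation step.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj<</Type/Catalog/Pages 2 0 R/OpenAction 4 0 R>>endobj\n"
    b"2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj\n"
    b"3 0 obj<</Type/Page/Parent 2 0 R>>endobj\n"
    b"4 0 obj<</S/JavaScript/J#53(app.alert(1))>>endobj\n"
    b"5 0 obj<</Length 12>>stream\nhello world!\nendstream\nendobj\n"
    b"trailer<</Root 1 0 R>>\nstartxref\n0\n%%EOF\n"
)

WORDS = ["obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref"]
NAMES = ["/Page", "/Encrypt", "/ObjStm", "/URI", "/JS", "/JavaScript", "/AA",
         "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch",
         "/EmbeddedFile"]
# Non-zero counts for these mean the document can do more than render text.
ACTIVE_CONTENT = {"/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
                  "/EmbeddedFile", "/RichMedia", "/JBIG2Decode", "/URI"}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def unescape_names(data):
    """Resolve #xx escapes inside names so /J#53 is counted as /JS."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data):
    """Count structural and action keywords the way a pdfid-style pass does."""
    text = unescape_names(data)
    counts = {}
    for w in WORDS:
        # No letter on either side, so 'endobj' is not also an 'obj' hit.
        pat = rb"(?<![A-Za-z])" + w.encode() + rb"(?![A-Za-z])"
        counts[w] = len(re.findall(pat, text))
    for n in NAMES:
        # A name ends at whitespace or a delimiter, so /Pages is not /Page.
        pat = re.escape(n.encode()) + rb"(?![A-Za-z0-9])"
        counts[n] = len(re.findall(pat, text))
    return counts


def split_streams(data):
    """Return (bytes inside stream bodies, everything else) in file order."""
    inside, outside, pos = [], [], 0
    for m in STREAM_RE.finditer(data):
        outside.append(data[pos:m.start(1)])
        inside.append(m.group(1))
        pos = m.end(1)
    outside.append(data[pos:])
    return b"".join(inside), b"".join(outside)


def eof_stats(data):
    """(number of %%EOF markers, bytes after the last one ignoring line ends)."""
    ends = [m.end() for m in re.finditer(rb"%%EOF", data)]
    if not ends:
        return 0, len(data)
    return len(ends), len(data[ends[-1]:].strip(b"\r\n"))


def triage(data):
    """Summarise a PDF in the same fields the report's tables show."""
    inside, outside = split_streams(data)
    n_eof, after_eof = eof_stats(data)
    keywords = count_keywords(data)
    return {
        "header": data[:8].decode("latin-1"),
        "total_bytes": len(data),
        "total_entropy": round(entropy(data), 6),
        "stream_bytes": len(inside),
        "stream_entropy": round(entropy(inside), 6),
        "bytes_outside_streams": len(outside),
        "entropy_outside_streams": round(entropy(outside), 6),
        "eof_count": n_eof,
        "bytes_after_eof": after_eof,
        "keywords": keywords,
        # Keywords that warrant a manual look; for the sample these are
        # /JS, /JavaScript and /OpenAction.
        "flags": sorted(k for k in ACTIVE_CONTENT if keywords[k] > 0),
    }


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    print(json.dumps(triage(blob), indent=2))
```

Run it with a path argument to triage a real file, or without one to see the constructed sample flagged. For the report's own sample every action keyword is zero and the only non-zero names are `/AcroForm` and `/ObjStm`; note that `/ObjStm` object streams can hide names inside compressed data, so a zero count from a scan like this is only conclusive after those streams have been inflated.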
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
44 | 0808000021034629 | 05d51d1d4b577ca1876d5133956e8427 | |
45 | 75b7979d8c6363d9 | 0900e8c0280307fe47e5dad1f335f493 | |
152 | 3613934133170b37 | e69cdd54c9d045c69ec6ecd0f0c866a2 | |
185 | 8c8db4cbf23f473d | ddeeeff2e427b89fd02b60635ae7f86d |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 14:35:51.557400942 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:51.557441950 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:51.557544947 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:51.557910919 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:51.557924032 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.042715073 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.043045998 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.043064117 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.047385931 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.047456980 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.049534082 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.049781084 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.049788952 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.049963951 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.094153881 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.094167948 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.141000986 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.210901976 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.210966110 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Apr 24, 2024 14:35:52.211081028 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.211639881 CEST | 49737 | 443 | 192.168.2.5 | 23.61.208.184 |
Apr 24, 2024 14:35:52.211657047 CEST | 443 | 49737 | 23.61.208.184 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 24, 2024 14:35:32.696691990 CEST | 1.1.1.1 | 192.168.2.5 | 0x6f1d | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 24, 2024 14:35:32.696691990 CEST | 1.1.1.1 | 192.168.2.5 | 0x6f1d | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49737 | 23.61.208.184 | 443 | 7360 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 12:35:52 UTC | 475 | OUT | |
2024-04-24 12:35:52 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 14:35:36 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:35:37 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:35:38 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |